War-Driving Technique Allows Wi-Fi Password-Cracking at Scale

A researcher was able to crack 70 percent of the gathered hashes in an experiment in a residential neighborhood. War-driving – the process of driving around mapping residential Wi-Fi networks…

A full analysis of Horus Eyes RAT

While continuously developing new techniques to bypass security mechanisms, cybercriminals have combined private and underground projects and brought them to update their cyber arsenal. Horus Eyes RAT (HE-RAT) is one…

Why the Next-Generation of Application Security Is Needed

New software and code stand at the core of everything we do, but how well is all of this new code tested? Luckily, autonomous application security is here. By David…

CISA warns of trojanized versions of JavaScript library’s NPM package

The warning comes days after three rogue packages, okhsa, klow, and klown discovered by DevSecOps firm Sonatype, were removed from the NPM repository. On Friday, the US Cybersecurity and Infrastructure…

Threat Actors Abuse Discord to Push Malware

The platform’s Content Delivery Network and core features are being used to send malicious files—including RATs–across its network of 150 million users, putting corporate workplaces at risk. Threat actors are…

U.S. Ban on Sales of Cyberattack Tools Is Anemic, Experts Warn

Meanwhile, Zerodium’s quest to buy VPN exploits is problematic, researchers said. The launch of a standing offer to pay for Windows virtual private network (VPN) software zero-day exploits came to…

TA551 Shifts Tactics to Install Sliver Red-Teaming Tool

A new email campaign from the threat group uses the attack-simulation framework in a likely leadup to ransomware deployment. The criminal threat group known as TA551 has added the Sliver…

US rolls out new rules governing export of hacking, cyberdefense tools

The US Commerce Department has released new rules designed to stop companies from selling hacking tools to China, Russia and other countries that may use them for nefarious purposes. The…

Introducing ATT&CK v10: More Objects, Parity and Features

Amy L. RobertsonOct 21 · 6 min read By Amy L. Robertson (MITRE), Alexia Crumpton (MITRE), and Chris Ante (MITRE) As announced a couple of weeks ago, we’re back with…

Russian Threat Actors Tempt YouTubers with Bogus Paid Collaborations to Hijack their Accounts

According to Google, YouTube influencers have been targeted with password-stealing malware in a phishing campaign allegedly conducted by Russian-speaking cybercriminals. Security experts with Google’s Threat Analysis Group (TAG), who first…